DeSEO: Combating Search-Result Poisoning

Executive Summary

The authors perform an in-depth study of SEO attacks that spread malware by poisoning search results for popular queries. Such attacks, although recent, appear to be both widespread and effective. The attackers compromise legitimate Web sites and generate a large number of fake pages targeting trendy keywords. The authors first dissect one example attack that affects over 5,000 Web domains and attracts over 81,000 user visits. They then develop de-SEO, a system that automatically detects these attacks. Using large datasets with hundreds of billions of URLs, de-SEO successfully identifies multiple malicious SEO campaigns. In particular, applying the URL signatures derived from de-SEO, they find that 36% of sampled searches on Google and Bing contain at least one malicious link in the top results at the time of their experiment.